Exam MS-102 topic 1 question 188 discussion

My answer: YNN

Should this not be YYN two different notification rules

NNN User1 received an alert at 8:05 (receives only 1 alert for Activity and won't receive the repeat at 8:07(both are activity 1)) User2 received an alert at 8:05 (with user1 since they are both in policy1, which receives only 1 alert for Activity and won't receive the repeat at 8:07 (both are activity 1)) User1 won't receive an alert, as policy1 is low & policy2 is medium & low, while the alert is High

NNN 1 only one mail send for a activity 2 8.07 same activity, the mail was prevously send 3 8.20 high risk level, not in the policy

Statements: 1. [email protected] will receive two incident notification emails for the alert at 8:05 - NO Notification1 is configured to send the first notification per incident. Since this is the first notification for Activity1, User1 will receive one email for the alert at 08:05. They will not receive a second email for the same alert. 2. [email protected] will receive an incident notification email for the alert at 8:07 - NO Since Notification1 is set to send only the first notification per incident, and Activity1 already triggered a notification at 08:05, User2 will not receive an additional notification for the alert at 08:07. 3. [email protected] will receive an incident notification email for the alert at 8:20 - NO Notification1 applies only to Low severity alerts, and Notification2 applies only to Low and Medium severity alerts. The alert at 08:20 has a high severity, so User1 will not receive a notification for this alert.

NNN is the currect answer 1. User1 will not receive 2 alerts within one minute 2. User2 already got alert at 8:05 (again within one minute user2 will not get at 8:07) 3. High alert is not configured

N, N, N One alert not 2. Already got an alert at 805 Alert high so won't get it.

Note the words here, chose to be notified on first ocurrence of incident. https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/get-email-notifications-on-new-incidents-from-microsoft-365/ba-p/2012518#:~:text=You%20can%20also%20choose%20to,name%2C%20severity%2C%20and%20category.&text=Once%20you%20get%20the%20notification,start%20your%20investigation%20right%20away.

Box 1: No - Notification it has: First notification per incident Only notify on first occurrence per incident - Select if you want a notification only on the first alert that matches your other selections. Later updates or alerts related to the incident won't send additional notifications. Box 2: Yes - Box 3: No - Severity of the 8:20 incident is high, so neither of the notification rules will trigger. Note: Alert severity - Choose the alert severities that will trigger an incident notification. For example, if you only want to be informed about high-severity incidents, select High. Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview

I say the answer is correct. No: The device will receive only one incident alert at 8:05 as notification1 is set: first alert per incidents. Yes: device is in scope to receive alert for this incident. No: Alert is severity High

https://learn.microsoft.com/en-us/defender-xdr/configure-email-notifications

https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/# Go to bac0n answer (roller coaster) which perfectly describes this. N/N/N

I'm going to agree with Paul_white based on the link he provided. N/N/N https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/#

Correct answer is NO, NO, NO https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/#